CVE-2023-31421

Name of the Vulnerable Software and Affected Versions Beats (affected versions not specified) Elastic Agent (affected versions not specified) APM Server (affected versions not specified) Fleet Server (affected versions not specified)

Description The issue is related to errors in the TLS certificate authentication procedure. When acting as TLS clients, the software does not verify whether the server certificate is valid for the target IP address, although certificate signature validation is still performed. Specifically, when the client is configured to connect to an IP address instead of a hostname, it does not validate the server certificate's IP SAN values against that IP address, resulting in failed certificate validation and unblocked connections as expected. This allows a remote attacker to establish a connection with an invalid server certificate.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.